[00:14] <tdelam> Hey, I am running Ubuntu Server 14.04 LTS, we require Apache version > 2.4.10 current in apt I only get 2.4.7-1ubuntu4.9. How can I install Apache>2.4.10 via apt? or is this not possible?
[00:15] <tarpman> tdelam: is there a specific 2.4.10 feature you require?
[00:15] <sdeziel> tdelam: 16.04 ships with Apache 2.4.18
[00:16] <tdelam> tarpman: PCI compliance :/
[00:16] <tdelam> mv compliance annoyance
[00:16] <tdelam> sdeziel: oh?
[00:16] <sdeziel> tdelam: out of curiosity, why is PCI requiring a specific version for Apache?
[00:17] <tdelam> sdeziel: I've been through this already, they're idiots, sorry, but it's frustrating. I showed them all CVE's for the current Apache and how their concerns are already patched in this current version
[00:17] <tdelam> in one ear and out the other.
[00:17] <sdeziel> oh
[00:18] <tdelam> yep.
[00:18] <tdelam> is it safe to go from 14.04 to 16.04/
[00:18] <tdelam> ?*
[00:18] <sdeziel> last time I had to mess with PCI, they were asking for TLS 1.2 but they didn't care about software versions
[00:18] <tdelam> yea, quite annoying
[00:19] <sdeziel> tdelam: the distro upgrade isn't yet offered/supported but you can do a fresh install if that's feasible
[00:19] <sdeziel> 16.04 is pretty new (got released yesterday) but I've been happily running it since months and love it
[00:20] <tdelam> I'd have to reconfigure the server, took a lot to get to the current state and passing PCI. This recently came up so I am trying to do this upgrade
[00:20] <sdeziel> tdelam: how do those PCI auditors deal with RHEL boxen? those ship ancient apache (httpd) versions
[00:20] <tdelam> It sounds like I'll need to reinstall apache from source if I can't find a repository for it.
[00:21] <tdelam> sdeziel: I don't know, heh.. they'll be lost
[00:21] <sdeziel> tdelam: maybe switching to nginx would be an easy out?
[00:23] <tdelam> no, this is a bandaid solution. This server is actually a proxy server with mod_security rules configured specifically for this site, which was built in 1996 and neglected... It's a bandaid while we rebuild a new one.
[00:23] <tdelam> Funny thing is, the company is absolutely massive, how it ever got this state we'll never know. =/
[00:25] <sdeziel> tdelam: Ondřej Surý has a PPA with fresh Apache: https://launchpad.net/~ondrej/+archive/ubuntu/apache2?field.series_filter=trusty
[00:27] <tdelam> :o
[00:28] <tdelam> this may be what I need!
[00:29] <sdeziel> as always with PPA, be careful :)
[00:29] <sarnold> tdelam: maybe your auditors can be convinced with this instead? http://people.canonical.com/~ubuntu-security/cve/pkg/apache2.html
[00:29] <tarpman> ondrej is decently trustworthy, as ppas go
[00:29] <sdeziel> I trust Ondřej but I never tested this PPA personally
[00:30] <sarnold> tdelam: .. and out of curiosity, do they perchance also sell services to keep self-compiled apache up to date? :)
[00:30] <tdelam> sarnold: I tried :(
[00:30] <tdelam> sarnold: hah no, only internet, tv, phone, mobility, etc
[00:30] <sarnold> hah
[00:31] <sarnold> I've got a feeling the only people who run self-compiled apache are (a) clients of pci compliance firms (b) apache developers
[00:32] <tdelam> yea, if this doesn't work then I'll be doing that next, rebuilding all modules too, probably a pain
[00:32] <maxb> I run lots of self-compiled apache at work. If you actually care about tracking the latest version, it's a pretty easy thing to script the usual configure-make-install for it
[00:33] <maxb> Less so if you depend on more than one or two separate modules, granted
[00:33] <sdeziel> feels a bit like Gentoo at this point ;)
[00:33] <tdelam> heh
[00:34] <sarnold> heh okay (a) clients of pci firms (b) apache devs (c) maxb :D
[00:37] <sdeziel> tdelam: looking at the 2.4.10 changelog, I'm not sure what they want specifically? The ability to use large DH params?
[00:40] <tdelam> sdeziel: nope, not feature specfic either, just version; nothing more... it makes no sense, I have pleaded my case and provided many CVE's that clearly show that our current Apache version addresses ALL their issues.
[00:41] <tdelam> they rather spend more money on us upgrading to the latest than reading the CVE's provided
[00:41] <tdelam> like the old saying goes; more money than brains.
[00:41] <sdeziel> oh well
[00:41] <sarnold> I wonder, sometimes you hear about pci firms that can be convinced "running most recent packaged version" is sufficient; maybe we ought to go to some effort to promote them and publicly chastise the ones that want you to compile and run the webserver yourself
[00:43] <tdelam> sdeziel: thanks, this solved the problem. I now have 2.4.20 installed
[00:43] <tdelam> sarnold: yea, I don't even know either.
[00:43] <sdeziel> tdelam: thank Ondřej then :)
[00:44] <tdelam> it's bonkers. Why would a PCI place want you to run non-stable software when clearly the stable version consists of the patches that they're concerned about.
[00:44] <sarnold> I mean, all due respect to ondrej, but you've just gone from running a package that's potentially reviewed by millions to a package potentially reviewed by hundreds; and from "ubuntu security team fixes bugs" to "ondrej fixes bugs"
[00:44] <sdeziel> trying to understand their logic is probably drive you insane
[00:44] <tdelam> sdeziel: I will donate some money to him, he has a link on the link you gave me.
[00:44] <sarnold> indeed
[00:45] <tdelam> sarnold: exactly my point :/ so weird
[00:46] <tdelam> they're so enamoured with a version number that they're probably not even considering the fact that 2.4.20 might have issues, unknown security issues.
[00:46] <sdeziel> the safest way might be to patch the Ubuntu sources to s/2.4.7/2.4.10/
[00:47] <sdeziel> but I wouldn't risk cheating like that
[00:48] <tdelam> yea, I am ok with this, 2.4.20. Fine by me, if they want to downgrade yet again they'll send thousands our way again and mayb realize the stupidty with this
[00:48] <tdelam> restore from an image, and rinse repeat.
[00:48] <tdelam> so silly.
[00:50] <tdelam> .
[00:50] <tdelam> woops
[00:51] <tdelam> hmmm https://deb.sury.org/pages/ No such thing as that, sorry Page Not Found. I can't donate :/
[00:52] <tdelam> found it
[00:54] <tdelam> thanks for all your help guys
[00:54] <sdeziel> you are welcome
[02:38] <tjbenator> Anyone having a problem with Ubuntu Server 16.04 booting to a blank screen? I can manually switch to tty[1-6], but it would be nice if it would boot to one of them
[04:18] <FarhaadN> how to disbale apt-check?
[04:21] <FarhaadN> no response?
[04:33] <FarhaadN> 483 people and anyone know about that?
[08:38] <SupaYoshi> I have a VPS with Ubuntu Server, and am running a few websites on it. The host says I exceed theyre CPU load policy / CPU abuse, according to them the values are as following: We allow a CPU load average of no more than 0.9 constant and bursts up to 2. You regularly exceed this.
[08:38] <SupaYoshi> Should I switch to another VPS? or offload some websites of this VPS to anothre VPS?
[08:38] <SupaYoshi> Also, how can I determine which website is causing the high cpu load most likely?
[09:09] <SupaYoshi>  11:07:34 up 20:30,  1 user,  load average: 8.07, 7.52, 7.25
[09:09] <SupaYoshi> Im obviously doing somthing wrong, but not sure what processes are causing such an high cpu load
[09:10] <SupaYoshi> my apache seems to be always on top of the list in process usage
[11:27] <fm76_italy_ba> Ciao a tutti from Italy. I installed on my ubuntu mate apache2 but i cannot create a folder or a document in the var/www folder. can anybody help me? thank you ... grazie
[12:05] <vbotka> fm76_italy_ba, apache2 is running with UID www-data; you might want to check the permissions
[12:09] <fm76_italy_ba> I'm a newbie about linux are you willing to help me step by step? also in PM
[15:12] <devster31> so I have USERGROUPS enabled in login defs, the default umask is 022 which gets relaxed to 002, however when I sudo -i the umask for root is still 022, why is that?
[17:52] <kurt_> When using conjure-up to deploy openstack on a single node, it keep telling me lxd is not configured when using a created bridge (`br0`) and launching `sudo lxd init` like in this blog post: https://insights.ubuntu.com/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/
[17:53] <kurt_> Anyone having done something similar at home?
[17:57] <m-hussain> I am from an SME in the Maldives. I want to deploy a Ubuntu-OpenStack setup with 5 x virtual nodes for openStack components, 5 x physcal nodes for compute (nova) and 2 x HP iSCSI storage. So, will the Ubuntu Advantage **Essentials** subscription allow me to do this?
[18:57] <Aison> how do I use php fpm?!? what do I have to add to my VirtualHost section in apache2
[19:21] <inyourgroove> h
[19:21] <inyourgroove> hello folks
[19:21] <inyourgroove> are there known issues with the phpmyadmin package on 16.04?